The use of electronic devices to access content over networks has grown significantly over the years. People can now interact with content over networks using a variety of electronic devices. The ability to access content over networks, such as the Internet, has been great for connecting people to information. Unfortunately, certain individuals have designed malware, short for malicious software, to compromise innocent computer systems connecting to these networks.
Malware is software that is designed for hostile or intrusive purposes. Malware may be designed, for example, for gathering information, accessing resources without authorization, or other malicious purposes. Examples of different types of malware include computer viruses, worms, Trojan horses, spyware, adware, and bots (short for “robots”). Some types of malware allow a remote attacker to control an infected computer. These types of malware may use network communications, known as “Command and Control” or “C2” channels, to maintain a connection between the attacker and the compromised computer. The attacker may control the infected computer to carry out malicious activities such as e-mail spam, click fraud, distributed denial-of-service (DDoS) attacks, or identity theft. Attackers may use clandestine ways of distributing the malware, so that users of compromised devices are not aware that the malware is on their devices.
Malware may store information or have an algorithm for identifying a domain name or IP address of an attacker to contact when a certain event occurs (e.g., when a user opens the malware application or when a certain time is reached). This contact may open a communication channel by which an attacker can control the infected computer. Attackers often use the domain name system (DNS) to obtain control of infected host computers. DNS is a hierarchical lookup service used on the Internet to map character-based domain names into numerical Internet Protocol (IP) addresses. By storing a domain name, rather than an IP address, in the malware, an attacker can change their IP address over time to avoid detection. The infected computer will still connect to the current IP address of the attacker through resolution of the domain name from DNS.
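The following is an added example, not part of the original text, showing from the defender's side why an IP-address blocklist loses track of a domain whose address is changed over time, and how tracking the domain's resolution history catches it. The log format, the sample lines, the function names and the `min_changes` threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of DNS answer log lines: "ISO-time client qname answer-IP".
# All names and addresses are illustrative (example domains, documentation ranges).
SAMPLE_LOG = """\
2024-01-01T00:00:00 10.0.0.5 updates.example.net 198.51.100.10
2024-01-01T06:00:00 10.0.0.5 updates.example.net 198.51.100.10
2024-01-01T00:05:00 10.0.0.7 c2.example.org 203.0.113.4
2024-01-02T00:05:00 10.0.0.7 c2.example.org 203.0.113.77
2024-01-03T00:05:00 10.0.0.7 c2.example.org 192.0.2.19
2024-01-03T00:06:00 10.0.0.9 c2.example.org 192.0.2.19
"""

def parse(log):
    """Yield (time, client, domain, ip) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, domain, ip = parts
        yield datetime.fromisoformat(ts), client, domain.lower().rstrip("."), ip

def ip_history(log):
    """Map each domain to its answers in time order, collapsing repeats."""
    history = defaultdict(list)
    for ts, _client, domain, ip in sorted(parse(log)):
        if not history[domain] or history[domain][-1][1] != ip:
            history[domain].append((ts, ip))
    return dict(history)

def rotating_domains(log, min_changes=2):
    """Domains whose resolved address changed at least min_changes times."""
    return {d: [ip for _, ip in h] for d, h in ip_history(log).items()
            if len(h) - 1 >= min_changes}

def missed_by_ip_blocklist(log, blocked_ips):
    """Clients that resolved a flagged domain to an address not on the blocklist."""
    flagged = rotating_domains(log)
    return sorted({c for _, c, d, ip in parse(log)
                   if d in flagged and ip not in blocked_ips})

if __name__ == "__main__":
    print(rotating_domains(SAMPLE_LOG))
    print(missed_by_ip_blocklist(SAMPLE_LOG, {"203.0.113.4"}))
```

Address rotation alone is a weak signal, since content delivery networks also change the addresses behind a name, so a result like this is a starting point for investigation and not a verdict.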
As use of the Internet continues to grow, malware developers have more incentives than ever for developing and releasing their software. In order to protect computers from becoming compromised by malware, there has been a growing demand for security technologies, such as anti-virus software, intrusion detection systems, and firewalls. However, developers of malicious software still find ways to evade existing security technologies.